Re: An odd X question




Hello Stuart,

On 06/25/2015 11:51 PM, Stuart Barkley wrote:
> For (ssh based) X forwarding no X server needs to run on the server.
> I usually install the xorg-x11-xauth (necessary) and xterm (optional)
> rpms on all my servers in case X forwarding becomes necessary.
>
> Then from your desktop (assuming Linux already running X) in a local
> xterm do something like:
>
>      ssh -Y remote-system

Do not use that because any user logged on the server can connect to your X server display and snoop what you are doing, open windows etc.

-Y disables all the X server authentication mechanisms (http://www.x.org/wiki/Development/Documentation/Security/)

> Note about -X versus -Y with ssh:
>
> -X enables basic X forwarding. It disables some X functionality making
> it "safer" to allow.  -X also stops working after about 20 minutes
> (this is by design but not well documented).  I only recently learned
> why it would stop working after pulling out the last of my hair.

I have been using ssh X forwarding for current work use (local network) for more than 15 years and never got into this kind of problem from RH 7 to CentOS 7, AIX and Solaris.

Maybe it is some other issue that is closing your ssh connection (maybe you should use the KeepAlive options on the ssh server/client); just guessing.

> -Y allows the full X protocol which might be a security risk.  Some
> applications will only work with -Y.  With this, remote X applications
> can grab keyboard interactions, grab passwords, put windows on top of
> other windows (obscuring security messages), etc.
>
> For my own choice I use -Y (although I only enable it occasionally to
> specific systems).

It is a security risk: as I said above, any user logged on the server can connect to your display X server without you knowing.

Lec

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
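
The -X versus -Y behaviour discussed in this thread depends on the client's effective configuration, so the following added example (not part of the original messages) classifies the output of `ssh -G <host>`. It assumes the OpenSSH client options `ForwardX11`, `ForwardX11Trusted` and `ForwardX11Timeout`, which the thread does not name; the function name `x11_posture` is hypothetical and the sample outputs are constructed.

```shell
#!/bin/sh
# Real use:  ssh -G remote-system | x11_posture
# `ssh -G` prints the effective client options, one lowercase key per line.

x11_posture() {
    awk '
        BEGIN { timeout = 1200 }                     # OpenSSH default: 20 minutes
        $1 == "forwardx11"        { fwd = $2 }
        $1 == "forwardx11trusted" { trusted = $2 }
        $1 == "forwardx11timeout" { timeout = $2 }   # seconds; 0 disables the timeout
        END {
            if (fwd != "yes")
                print "off: X11 forwarding disabled"
            else if (trusted == "yes")
                print "trusted: remote X clients get full access to the local display"
            else if (timeout == 0)
                print "untrusted: restricted by the X SECURITY extension, no timeout"
            else
                printf "untrusted: restricted, new X11 connections refused after %d min\n", timeout / 60
        }'
}

# Constructed samples of `ssh -G` output, trimmed to the relevant keys.
SAMPLE_TRUSTED='hostname remote-system
forwardx11 yes
forwardx11trusted yes
forwardx11timeout 1200'

SAMPLE_UNTRUSTED='hostname remote-system
forwardx11 yes
forwardx11trusted no'

SAMPLE_NO_TIMEOUT='hostname remote-system
forwardx11 yes
forwardx11trusted no
forwardx11timeout 0'

SAMPLE_OFF='hostname remote-system
forwardx11 no
forwardx11trusted no'

for s in "$SAMPLE_TRUSTED" "$SAMPLE_UNTRUSTED" "$SAMPLE_NO_TIMEOUT" "$SAMPLE_OFF"; do
    printf '%s\n' "$s" | x11_posture
done
```

A "trusted" result for a host reached with plain -X means a configuration file sets `ForwardX11Trusted yes`, which makes -X behave like -Y and removes the 20-minute cutoff.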


